Your network contains an Active Directory forest. The forest contains two domains named contoso.com and east.contoso.com. The contoso.com domain contains a domain controller named DC1. The east.contoso.com domain contains a domain controller named DC2. DC1 and DC2 have the DNS Server server role installed.
You need to create a DNS zone that is available on DC1 and DC2. The solution must ensure that zone transfers are encrypted.
What should you do?
A.
Create a primary zone on DC1 and store the zone in a zone file. On DC1 and DC2, configure inbound rules and outbound rules by using Windows Firewall with Advanced Security. Create a secondary zone on DC2 and select DC1 as the master.
B.
Create a primary zone on DC1 and store the zone in a DC=ForestDNSZones, DC=Contoso, DC=com naming context.
C.
Create a primary zone on DC2 and store the zone in a DC= DC=East, DC=Contoso/DC=com naming context. Create a secondary zone on DC1 and select DC2 as the master.
D.
Create a primary zone on DC1 and store the zone in a zone file. Configure DNSSEC for the zone. Create a secondary zone on DC2 and select DC1 as the master.
The Correct answer is B as Active Directory Intergrated zones are encrypted by default.
DNSSEC provides validation, not encryption.
Correct answer is B.
http://technet.microsoft.com/en-us/library/ee649277(v=ws.10).aspx